CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10039 – dobos domino EntityFactory.cs sql injection
https://notcve.org/view.php?id=CVE-2015-10039
11 Jan 2023 — A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. • https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-38660 – HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-38660
04 Nov 2022 — HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. Las aplicaciones HCL XPages son susceptibles a una vulnerabilidad de Cross-Site Request Forgery (CSRF). Un atacante no autenticado podría aprovechar esta vulnerabilidad para realizar acciones en la aplicación en nombre del usuario que inició sesión. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-14230
https://notcve.org/view.php?id=CVE-2020-14230
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio causada por una comprobación inapropiada de la entrada suministrada por el usuario. Un atacante remoto no au... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14234
https://notcve.org/view.php?id=CVE-2020-14234
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario, dándole potencialmente al atacante la capacidad de bloquear el servidor. Versiones anteriores a ve... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1712
https://notcve.org/view.php?id=CVE-2017-1712
01 Jul 2020 — "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions." "Una vulnerabilidad en la implementación del protocolo TLS del servidor Domino podría permitir a un atac... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2015
https://notcve.org/view.php?id=CVE-2015-2015
23 Aug 2015 — Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. Vulnerabilidad de XSS en pubnames.ntf (también conocido como Directory template) en el servidor web en IBM Domino en versiones anteriores a 9.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través de URL manipulada, también conocido como ... • http://www-01.ibm.com/support/docview.wss?uid=swg21963016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0407
https://notcve.org/view.php?id=CVE-2002-0407
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0408
https://notcve.org/view.php?id=CVE-2002-0408
11 Jun 2002 — htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message. • http://marc.info/?l=bugtraq&m=101310812804716&w=2 •